Yang Liu,Bingsheng Zhang,Yuxiang Ma,Zhuo Ma,Zecheng Wu

DOI: https://doi.org/10.1109/tifs.2023.3288455

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The world has observed an increasing trend in the development of Privacy-Preserving Machine Learning (PPML) for cross-silo collaborative model training over sensitive data. As the first essential step of cross-silo PPML, it is critical that the parties can align their dataset with privacy assurance, i.e., private data join. However, the existing private data join methods typically leak the ID information in the dataset intersection, which often raises privacy concerns. In this work, we propose iPrivJoin: a novel framework of ID-private data join for PPML. Compared with naively using circuit-based Private Set Intersection (circuit-PSI) for data join, the proposed framework has two advantages: 1) data volume reduction. iPrivJoin utilizes oblivious shuffle to securely trim off the redundant data that is outside the intersection, while the entire dataset needs to be carried to further process in the circuit-PSI based approach. 2) efficiency improvement. iPrivJoin introduces a new private encoding technique to avoid the expensive circuit evaluation that is needed in circuit-PSI. As a result, compared with directly using circuit-PSI, PPML with iPrivJoin enjoys approximately 3x of speedup. Moreover, we propose a new oblivious shuffle protocol, which may be of independent interest. It achieves 1.44x of speedup to the state-of-the-art in the real-world WAN network setting.

Ágnes Kiss,Jian Liu,Thomas Schneider,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1515/popets-2017-0044

2017-01-01

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Private set intersection (PSI) is a cryptographic technique that is applicable to many privacy-sensitive scenarios. For decades, researchers have been focusing on improving its efficiency in both communication and computation. However, most of the existing solutions are inefficient for an unequal number of inputs, which is common in conventional client-server settings. In this paper, we analyze and optimize the efficiency of existing PSI protocols to support precomputation so that they can efficiently deal with such input sets. We transform four existing PSI protocols into the precomputation form such that in the setup phase the communication is linear only in the size of the larger input set, while in the online phase the communication is linear in the size of the smaller input set. We implement all four protocols and run experiments between two PCs and between a PC and a smartphone and give a systematic comparison of their performance. Our experiments show that a protocol based on securely evaluating a garbled AES circuit achieves the fastest setup time by several orders of magnitudes, and the fastest online time in the PC setting where AES-NI acceleration is available. In the mobile setting, the fastest online time is achieved by a protocol based on the Diffie-Hellman assumption.

Si Ung Noh,Junguk Hong,Chaemin Lim,Seongyeon Park,Jeehyun Kim,Hanjun Kim,Youngsok Kim,Jinho Lee

2024-04-13

Abstract:Recent dual in-line memory modules (DIMMs) are starting to support processing-in-memory (PIM) by associating their memory banks with processing elements (PEs), allowing applications to overcome the data movement bottleneck by offloading memory-intensive operations to the PEs. Many highly parallel applications have been shown to benefit from these PIM-enabled DIMMs, but further speedup is often limited by the huge overhead of inter-PE communication. This mainly comes from the slow CPU-mediated inter-PE communication methods which incurs significant performance overheads, making it difficult for PIM-enabled DIMMs to accelerate a wider range of applications. Prior studies have tried to alleviate the communication bottleneck, but they lack enough flexibility and performance to be used for a wide range of applications. In this paper, we present PID-Comm, a fast and flexible collective inter-PE communication framework for commodity PIM-enabled DIMMs. The key idea of PID-Comm is to abstract the PEs as a multi-dimensional hypercube and allow multiple instances of collective inter-PE communication between the PEs belonging to certain dimensions of the hypercube. Leveraging this abstraction, PID-Comm first defines eight collective inter-PE communication patterns that allow applications to easily express their complex communication patterns. Then, PID-Comm provides high-performance implementations of the collective inter-PE communication patterns optimized for the DIMMs. Our evaluation using 16 UPMEM DIMMs and representative parallel algorithms shows that PID-Comm greatly improves the performance by up to 4.20x compared to the existing inter-PE communication implementations. The implementation of PID-Comm is available at

Distributed, Parallel, and Cluster Computing,Hardware Architecture

Pinghui Wang,Chengjin Yang,Dongdong Xie,Junzhou Zhao,Hui Li,Jing Tao,Xiaohong Guan

DOI: https://doi.org/10.1145/3588914

2023-01-01

Abstract:Counting the number of distinct elements distributed over multiple data holders is a fundamental problem with many real-world applications ranging from crowd counting to network monitoring. Although a number of space and computationally efficient sketch methods (e.g., the Flajolet-Martin sketch and the HyperLogLog sketch) for cardinality estimation have been proposed to solve the above problem, these sketch methods are insecure when considering privacy concerns related to the use of each data holder's personal dataset. Despite a recently proposed protocol that successfully implements the well-known Flajolet-Martin (FM) sketch on a secret-sharing based multiparty computation (MPC) framework for solving the problem of private distributed cardinality estimation (PDCE), we observe that this MPC-FM protocol is not differentially private. In addition, the MPC-FM protocol is computationally expensive, which limits its applications to data holders with limited computation resources. To address the above issues, in this paper we propose a novel protocol DP-DICE, which is computationally efficient and differentially private for solving the problem of PDCE. Experimental results show that our DP-DICE achieves orders of magnitude speedup and reduces the estimation error by several times in comparison with state-of-the-arts under the same security requirements.

Ryan G. James,Jeffrey Emenheiser,James P. Crutchfield

DOI: https://doi.org/10.3390/e21010012

2018-11-02

Abstract:The partial information decomposition (PID) is a promising framework for decomposing a joint random variable into the amount of influence each source variable Xi has on a target variable Y, relative to the other sources. For two sources, influence breaks down into the information that both X0 and X1 redundantly share with Y, what X0 uniquely shares with Y, what X1 uniquely shares with Y, and finally what X0 and X1 synergistically share with Y. Unfortunately, considerable disagreement has arisen as to how these four components should be quantified. Drawing from cryptography, we consider the secret key agreement rate as an operational method of quantifying unique informations. Secret key agreement rate comes in several forms, depending upon which parties are permitted to communicate. We demonstrate that three of these four forms are inconsistent with the PID. The remaining form implies certain interpretations as to the PID's meaning---interpretations not present in PID's definition but that, we argue, need to be explicit. These reveal an inconsistency between third-order connected information, two-way secret key agreement rate, and synergy. Similar difficulties arise with a popular PID measure in light the results here as well as from a maximum entropy viewpoint. We close by reviewing the challenges facing the PID.

Information Theory,Statistical Mechanics,Chaotic Dynamics

Liyan Shen,Xiaojun Chen,Jinqiao Shi,Binxing Fang

DOI: https://doi.org/10.1109/icc.2019.8761417

2019-01-01

Abstract:Private set intersection (PSI) is a specific application problem in the field of secure multi-party computation. It allows the participants to compute set intersection collaboratively without learning any additional information about the sets. It is a building block for many real-world privacy-related applications. The state-of-the-art PSI protocol is mainly based on Random Oblivious Transfer (ROT) and cuckoo hash. It is efficient enough in computation but needs high communication cost and high network bandwidth. In this paper, we describe a novel PSI protocol based on ROT and balance hash under semi-honest adversary model. Experiments demonstrate that our protocol has better performance than the cuckoo hash based PSI at the expense of leaking a part of the indexes of hash bucket. We have proved that the impact of information leakage on security is almost negligible. In addition, for the purpose of reducing the communication overhead, we utilize cuckoo filter to optimize our protocol.

Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-16342-5_12

2010-01-01

Abstract:In a selective private function evaluation (SPFE) protocol, the client privately computes some predefined function on his own input and on m out of server's n database elements. We propose two new generalized SPFE protocols that are based on the new cryptocomputing protocol by Ishai and Paskin and an efficient CPIR. The first protocol works only for constant values of m,, but has 2 messages, and is most efficient when m = 1. The second SPFE protocol works for any m, has 4 messages, and is efficient for a large class of functionalities. We then propose an efficient protocol for private similarity test, where one can compute how similar client's input is to a specific element in server's database, without revealing any information to the server. The latter protocol has applications in biometric authentication.

Yuanyuan He,Xinyu Tan,Jianbing Ni,Laurence T. Yang,Xianjun Deng

DOI: https://doi.org/10.1109/tifs.2022.3207911

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Private Set Intersection (PSI) is typically used to achieve ID alignment with protection of IDs in the preparation phase of Vertical Federated Learning (VFL). However, existing PSI approaches are limited to protecting IDs that are outside the intersection of participants, and most ignore the sensitivity of intersection for a weak party in an asymmetrical ID alignment. Since the set size of the strong party is much greater than the weak party's in an asymmetrical federation, and the intersection usually accounts for a substantial part of the weak party set, the weak party's sensitive sample IDs would be severely compromised through sharing the intersection. To address this issue, we propose Differentially private PSI Cardinality and PSI (DPSI-CA, DPSI) protocols, which protect the intersection cardinality and sensitive IDs inside the intersection for the weak party, respectively. First, DPSI-CA encodes IDs in binary notation, and combines them with the GM encryption, to perform the ID-matchmaking by executing bitwise plaintext XOR. Then, the encrypted matching results are independently perturbed using randomized responses to produce differentially private outputs for PSI-CA, and its unbiased estimate is added to remove the deviation brought by the randomization. Furthermore, DPSI fuses Pseudo-Random Function (PRF)-based zero sharing, garbled Bloom filter, and Oblivious PRF (OPRF)-based shares reconstruction, to successfully reconstruct the shares corresponding to sampled IDs in the intersection. Meanwhile, a randomized response is used to sample the inputs and perturb the outputs of the OPRF-based shares reconstruction, producing a randomly sampled intersection for the weak party and differentially private intersection for the strong party. Finally, the privacy analysis shows that our protocols provide differential privacy for the weak party's sensitive sample IDs, and extensive experiment results illustrate the feasibility of the asymmetrical ID alignment involving millions of IDs.

Siqi Lu,Hanjie Dong,Zhaoxuan Li,Laurance T. Yang

DOI: https://doi.org/10.1109/tdsc.2024.3371569

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In this work, we focus on the Private Intersection-Sum (PIS) with cardinality problem: two parties hold datasets containing user identifiers, and the second party additionally has an integer value associated with each user identifier. Both parties want to learn the number of users they have in common, and the sum of the integer values associated with a user, without revealing anything more. To this end, Google proposed a PIS protocol and released the open-source library Private-Join-and-Compute. And the security of the protocol has been proven proved in the honest-but-curious model. However, this study found a two potential shortcoming shortcomings in the Private-Join-and-Compute library: the user identifier stealing attack against the PIS protocol based on a special input data structure. An improved PIS protocol is proposed based on differential privacy technology, and the Private-Join-and-Compute open-source library is optimized. Through a security proof and formal analysis based on the Tamarin tool, we show that the improved PIS protocol successfully resists the discovered attack without obvious additional overhead.

computer science, information systems, software engineering, hardware & architecture

Ping Zhang,Tengfei Ma,Qing Zhang,Ji Zhang,Jiechang Wang

DOI: https://doi.org/10.3390/app14020813

2024-01-01

Abstract:Private Set Intersection Cardinality (PSI-CA) and Private Set Union Cardinality (PSU-CA) are two cryptographic primitives whereby two or more parties are able to obtain the cardinalities of the intersection and the union of their respective private sets, and the privacy of their sets is preserved. In this paper, we propose a new privacy protection intersection cardinality protocol, which can quickly deal with set inequality and asymmetry problems and can obtain 100% correct results, and, in terms of efficiency, we are much faster than using the polynomial method. Our protocol adopts the Paillier addition homomorphic encryption scheme and applies the identifier guidance technology, using identifier determination, to the semi-homomorphic encryption ciphertext environment, excluding a large number of different options and quickly finding the base of the intersection of two sides.

Ali Gholami,Kai Wan,Tayyebeh Jahani-Nezhad,Hua Sun,Mingyue Ji,Giuseppe Caire

2024-08-23

Abstract:In a typical formulation of the private information retrieval (PIR) problem, a single user wishes to retrieve one out of $ K$ files from $N$ servers without revealing the demanded file index to any server. This paper formulates an extended model of PIR, referred to as multi-message private computation (MM-PC), where instead of retrieving a single file, the user wishes to retrieve $P>1$ linear combinations of files while preserving the privacy of the demand information. The MM-PC problem is a generalization of the private computation (PC) problem (where the user requests one linear combination of the files), and the multi-message private information retrieval (MM-PIR) problem (where the user requests $P>1$ files). A baseline achievable scheme repeats the optimal PC scheme by Sun and Jafar $P$ times, or treats each possible demanded linear combination as an independent file and then uses the near optimal MM-PIR scheme by Banawan and Ulukus. In this paper, we propose a new MM-PC scheme that significantly improves upon the baseline schemes. In doing so, we design the queries inspired by the structure in the cache-aided scalar linear function retrieval scheme by Wan {\it et al.}, which leverages the dependency between linear functions to reduce the amount of communications. To ensure the decodability of our scheme, we propose a new method to benefit from the existing dependency, referred to as the sign assignment step. In the end, we use Maximum Distance Separable matrices to code the queries, which allows the reduction of download from the servers, while preserving privacy. By the proposed schemes, we characterize the capacity within a multiplicative factor of $2$.

Information Theory

Lifei Wei,Jihai Liu,Lei Zhang,Qin Wang,Wuji Zhang,Xiansong Qian

DOI: https://doi.org/10.1016/j.csi.2023.103764

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:Private set intersection (PSI) has attracted the researchers and the developers both from academia and industry in cooperating the private data to achieve privacy preserving. Traditional PSI protocols allow the two participants with each private sets interactively calculating the intersection without revealing any additional information. Multi-party private set intersection (MP-PSI) is quite different from the conventional two-party PSI, which could not directly obtain from the two-party PSI, and become an emerging topic in collaborative data analytics from different private data owners. However, the most of the existing MP-PSI protocols always consider the small number of the participants with large set size and the performance drops with the increasing number of participants. In addition, the participants with small set size also bring the heavy communication and computation overhead. To overcome the above drawbacks, we propose two efficient MP-PSI protocols for large number of participants and small set size, and formally prove secure against collision attack in the semi-honest model and malicious model. The experiments show that when the participant number increases from 5 to 50 and the set size scales from 2 7 to 2 10 , our protocols are faster than the most efficient MP-PSI protocol. Thus, our MP-PSI protocols are considering to be practical solutions, which fit the scenarios in small set size with increasing participants.

computer science, software engineering, hardware & architecture

Xuhui Gong,Qiang-Sheng Hua,Hai Jin

DOI: https://doi.org/10.1109/iwqos54832.2022.9812897

2022-01-01

Abstract:Private Set Operations (PSO) are a hot research topic and one of the most extensive research problems in data mining. In the PSO, Multi-party Private Set Union (MPSU) is one of the fundamental problems. It allows some participants to learn the union of their data sets without leaking any useful information. However, most of the existing works have high communication, computation and round complexities. In this paper, we first propose a novel and efficient protocol to securely compute MPSU under the semi-honest model. In our system model, there exist n participants where each participant has a set of size k (k could be different among participants). There are also up to t (0 ≤ t < n) participants which could collude with each other. We suppose the communication channels among participants are insecure and can easily suffer from eavesdropping attacks. Our first protocol using element computing algorithm and Homomorphic Encryption, i.e., HE-MPSU, only requires O(1) rounds and has O(nNλ) communication complexity which almost matches the communication lower bound Ω(nN/log n) for the MPSU problem, where λ is a security parameter and N (k ≤ N ≤ nk) is the set union cardinality. In addition, we note that for the two-party case, i.e., n = 2, our HE-MPSU protocol has the same complexities as the state-of-the-art work in [1]. For this special case, i.e., two-party Private Set Union (PSU), we further optimize and design a more efficient protocol using oblivious transfer (OT) protocol, i.e., OT-PSU. It only requires O(1) rounds and O(kλ) communication complexity which almost matches the communication lower bound Ω(k). More importantly, it avoids using computationally expensive public-key operations (exponentiations). In other words, the number of exponentiations in this protocol is independent of the size of the data sets. Compared with the existing protocols, our two protocols have the lowest communication, computation and round complexities.

Guowei Ling,Fei Tang,Chaochao Cai,Jinyong Shan,Haiyang Xue,Wulu Li,Peng Tang,Xinyi Huang,Weidong Qiu

DOI: https://doi.org/10.1109/tifs.2023.3343973

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Private Set Intersection (PSI) protocols can securely compute the intersection of the private sets on the server and the client without revealing additional data. This work introduces the concept of Privacy-Preserving Feature Retrieved Private Set Intersection ((PFRPSI)-F-2). In (PFRPSI)-F-2 protocols, the client can obtain the intersection that satisfies a given predicate without revealing the predicate and additional data. We formally define the (PFRPSI)-F-2 protocol, including its inputs, outputs, functionality, and security. To achieve the privacy guarantee in (PFRPSI)-F-2 protocols, a new two-party protocol is designed, namely Secure Secret Shared Retrieval ((SR)-R-3), which can be used to securely determine whether each item on the server satisfies the predicate. We construct an (SR)-R-3 protocol and prove its security in the semi-honest model. On the basis of this, we design an efficient OT-based (PFRPSI)-F-2 protocol and an easy-to-implement DH-based (PFRPSI)-F-2 protocol and prove that they are secure in the semi-honest model. Our implementation shows that the OT-based (PFRPSI)-F-2 protocol can perform the matching for about 1000K items in 3.8 seconds with a single thread. Moreover, the DH-based (PFRPSI)-F-2 can perform the matching for about 7000K items in one hour with four threads, with communication totaling 1456 MB, while the OT-based (PFRPSI)-F-2 protocol requires 1673 MB.

Dan Meng,Zhihui Fu,Chao Kong,Yue Qi,Guitao Cao

DOI: https://doi.org/10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00029

2022-01-01

Abstract:Multi-party privacy set intersection (MPSI) enables multiple parties to compute the intersection of their datasets without leaking data privacy. Among existing MPSI protocols, e.g., KMPRT-based protocols, oblivious evaluation of programmable pseudo-random function (OPPRF) or oblivious pseudo-random function (OPRF) is typically used to generate pseudo random numbers, requiring frequent online interactions. To mitigate such communication overheads, we propose the threshold Privacy Set Intersection (t-PSI) protocol for multi-party, leveraging the Shamir Secret Sharing (SSS) protocol and the masking construction mechanism. We propose two types of masking construction mechanisms: Polynomial and Garbled Bloom-filter. To the best of our knowledge, this is the first Secret Sharing-based MPSI protocol. With the significant reduction of inter-party communication, the t-PSI protocol is highly scalable and can handle datasets ranging from 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">6</sup> to 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">20</sup> . Further, with built-in fault tolerance, t-PSI works even if some parties went offline during protocol execution. As shown in the experiments, for five parties with datasets of 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">20</sup> items each, the proposed t-PSI takes only 63 seconds, outperforming the state-of-the-art in [1].

Huaqun Wang,Debiao He,Jia Yu,Zhiwei Wang

DOI: https://doi.org/10.1109/tsc.2016.2633260

IF: 11.019

2016-01-01

IEEE Transactions on Services Computing

Abstract:When the data is stored in public clouds, provable data possession (for short, PDP) is of crucial importance in cloud storage. PDP can make the users verify whether their outsourced data is kept intact without downloading the whole data. In some application scenarios, anonymity is very important in order to protect the user identity privacy. In order to encourage users to disclose bad event, the government or organization or individual may pay for the user who provides the precious data. Thus, incentive and unconditionally anonymous identity-based public PDP (for short, IAID-PDP) is a very important security concept. From the above requirements, for the first time, we propose the concept of IAID-PDP. We formalize its system model and security model. Based on the bilinear pairings, a concrete IAID-PDP protocol is presented. Based on the standard hard problems, the proposed IAID-PDP protocol is provably secure. IAID-PDP protocol eliminates the complex certificate management since it is designed in the identity-based public key cryptography. Through the performance analysis and security analysis, our IAID-PDP protocol satisfies the following properties: certification elimination, incentive, unconditional anonymity and remote data integrity checking.

Ziyuan Liang,Weiran Liu,Fan Zhang,Bingsheng Zhang,Jian Liu,Lei Zhang,Kui Ren

2020-01-01

Abstract:Private Set Intersection (PSI) is a specified protocol of secure Multi-Party Computation (MPC). PSI allows two parties to obtain the intersection of their private sets while nothing else is revealed. In contrast to the great demand for PSI in real-world applications, there is still no evaluation results of different general practical PSI framework. Most existing PSI implmentations are based on C/C++, which also makes them hard to compute in parallel. In this paper, we propose a generic Java-based PSI framework and implement all up-to-date OT-based PSI protocols within the framework until now. We evaluate these OT-based PSI protocols and the dependent cryptographic primitives and provide the best combination of primitives for constructing a best-performed OT-based PSI from the ground up. Additional optimizations are also applied to the protocols in our framework, including both generic and custom-tailored ones. We adopt filters to significantly reduce the communication of OT-based PSI protocols. The implementations in our framework support concurrence by using the natural feature of Java, which avoids to manurally allocate threads when using C/C++. We believe that our framework benefits a lot for future MPC and PSI researches and helps the promotion of PSI-based applications.

Shengnan Zhao,Ming Ma,Xiangfu Song,Han Jiang,Yunxue Yan,Qiuliang Xu

DOI: https://doi.org/10.1007/978-3-030-86137-7_12

2021-01-01

Abstract:As a significant basis for privacy-preserving applications of Secure Multiparty Computation (MPC), Private Set Intersection (PSI) has long been a question of great interest in a wide range of field, such as ad conversion rates and private contact tracing. Threshold PSI (t-PSI), a variant of PSI, allows two parties to learn the intersection of two sets only if the cardinality of intersection is larger (or lesser) than a threshold t. In this paper, we give a generic t-PSI construction that relies heavily on Oblivious Transfer (OT). Without resorting to the relatively expensive homomorphic calculation approaches from public-key mechanism, two kinds of t-PSI protocols could be efficiently implemented based on our proposed construction, i.e., t(<=) PSI and t(>)-PSI. Specially, we construct two efficient protocols named secret-sharing private equality test (ss)PEQT and membership text (PMT)-P-ss, which enable PSI to scale to a wide range of practical applications. The experimental simulation results show that our protocols are efficient and computation friendly.

Junwei Zhang,Xin Kang,Yang Liu,Huawei Ma,Teng Li,Zhuo Ma,Sergey Gataullin

DOI: https://doi.org/10.3390/sym15020319

2023-01-01

Symmetry

Abstract:A private intersection-sum (PIS) scheme considers the private computing problem of how parties jointly compute the sum of associated values in the set intersection. In scenarios such as electronic voting, corporate credit investigation, and ad conversions, private data are held by different parties. However, despite two-party PIS being well-developed in many previous works, its extended version, multi-party PIS, has rarely been discussed thus far. This is because, depending on the existing works, directly initiating multiple two-party PIS instances is considered to be a straightforward way to achieve multi-party PIS; however, by using this approach, the intersection-sum results of the two parties and the data only belonging to the two-party intersection will be leaked. Therefore, achieving secure multi-party PIS is still a challenge. In this paper, we propose a secure and lightweight multi-party private intersection-sum scheme called SLMP-PIS. We maintain data privacy based on zero sharing and oblivious pseudorandom functions to compute the multi-party intersection and consider the privacy of associated values using arithmetic sharing and symmetric encryption. The security analysis results show that our protocol is proven to be secure in the standard semi-honest security model. In addition, the experiment results demonstrate that our scheme is efficient and feasible in practice. Specifically, when the number of participants is five, the efficiency can be increased by 22.98%.

Hsuan-Yin Lin,Siddhartha Kumar,Eirik Rosnes,Alexandre Graell i Amat,Eitan Yaakobi

DOI: https://doi.org/10.48550/arXiv.2007.10174

2021-11-02

Abstract:Private information retrieval (PIR) protocols ensure that a user can download a file from a database without revealing any information on the identity of the requested file to the servers storing the database. While existing protocols strictly impose that no information is leaked on the file's identity, this work initiates the study of the tradeoffs that can be achieved by relaxing the perfect privacy requirement. We refer to such protocols as weakly-private information retrieval (WPIR) protocols. In particular, for the case of multiple noncolluding replicated servers, we study how the download rate, the upload cost, and the access complexity can be improved when relaxing the full privacy constraint. To quantify the information leakage on the requested file's identity we consider mutual information (MI), worst-case information leakage, and maximal leakage (MaxL). We present two WPIR schemes, denoted by Scheme A and Scheme B, based on two recent PIR protocols and show that the download rate of the former can be optimized by solving a convex optimization problem. We also show that Scheme A achieves an improved download rate compared to the recently proposed scheme by Samy et al. under the so-called $\epsilon$-privacy metric. Additionally, a family of schemes based on partitioning is presented. Moreover, we provide an information-theoretic converse bound for the maximum possible download rate for the MI and MaxL privacy metrics under a practical restriction on the alphabet size of queries and answers. For two servers and two files, the bound is tight under the MaxL metric, which settles the WPIR capacity in this particular case. Finally, we compare the performance of the proposed schemes and their gap to the converse bound.

Information Theory